Authenticated Remote Command Execution in ASUS DSL-N12E_C1 1.1.2.3_345

Authenticated Remote Command Execution in ASUS DSL-N12E_C1 1.1.2.3_345

CVE-2018-15887 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request.

Learn more about our Web Application Penetration Testing UK.